A hacker group claims to have an exploit that would make it possible to regain control of lost or stolen iPhones that have been deactivated via iCloud, reports Apple Insider.

iCloud offers activation lock, which is specifically designed to "[make] it harder for anyone to use or sell your iPhone, iPad, or iPod touch if it’s ever lost or stolen." As soon as you realize your iPhone is missing in such a way that you'll likely never see it again, such a deactivation protects your contacts, email, and photographs from being seen by prying eyes.

Now a hacker group called Team DoulCi says they're able to reactivate and use phones that have been disabled by activation lock. Security researcher Mark Loman says this is possible using a Windows PC because "the Windows version of iTunes does not properly verify security certificates."

This seems legit, according to Apple Insider:

The hackers, who are not affiliated with Loman, have demonstrated the attack's efficacy by sharing screenshots of what they say are calls to Apple's iCloud activation service. A number of others have chimed in on social media with similar success stories.

Loman suggests two reasons for this being the case: that it's a simple beginner's mistake, or that it was done on purpose, possibly to allow intelligence agencies like the NSA an unparalleled level of access to iCloud data.

Until Apple pushes out a fix, don't use iCloud on a public Wi-Fi network!